The increased complexity of the cloud requires stronger cybersecurity

A Thales report, conducted by 451 Research, finds that 45% of organizations experienced a cloud data breach or audit failure in the last 12 months, up 5% from the previous year. which raises even greater concerns about protecting sensitive data from cybercriminals.

Globally, cloud adoption, and especially multicloud adoption, continues to rise. In 2021, organizations around the world used an average of 110 software-as-a-service (SaaS) applications, up from just eight in 2015, which is a surprisingly rapid increase.

There was a noticeable expansion in the use of multiple IaaS providers, with 72% of enterprises using multiple IaaS providers, up from 57% the previous year. The use of multiple vendors has nearly doubled over the past year, with 20% of respondents reporting using three or more vendors.

Despite their growing prevalence and use, enterprises share common concerns about the increasing complexity of cloud services, with 51% of IT professionals agreeing that managing privacy and data protection is more complex in the cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents saying they plan to lift and move, the easiest migration tactic, dropping from 55% in 2021 to 24% currently.

Security Challenges of Multicloud Complexity

With the growing complexity of multicloud environments comes an even greater need for robust cybersecurity. When asked what percentage of their sensitive data is stored in the cloud, 66% said between 21 and 60%. However, only 25% said they could fully classify all data.

Additionally, 32% of respondents admitted to having to issue a breach notification to a government agency, customer, partner, or employees. This should be a concern for companies with sensitive data, especially in highly regulated industries.

Cyberattacks also pose an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with 26% citing an increase in malware, 25% in ransomware, and 19% reporting an increase in phishing/whaling.

Protection of sensitive data

When it comes to securing data in multicloud environments, IT professionals consider encryption a critical security control. The majority of respondents cited encryption (59%) and key management (52%) as the security technologies they currently use to protect sensitive data in the cloud.

However, when asked what percentage of their data in the cloud is encrypted, 11% of respondents said between 81 and 100% is encrypted. Additionally, the proliferation of key management platforms can be a problem for enterprises. Only 10% of respondents use one to two platforms, 90% use three or more, and 17% admit to using eight or more platforms.

Encryption should be a priority area for businesses to focus on when it comes to securing data in the cloud. In fact, 40% of respondents said they were able to avoid the breach notification process because the stolen or leaked data was encrypted or tokenized, showing the tangible value of encryption platforms.

Additionally, it is encouraging to see signs that companies are embracing zero trust and investing accordingly. 29% of respondents said they were already implementing a zero-trust strategy, 27% said they were evaluating and planning one, and 23% said they were considering it. It’s a positive result, but there is certainly still room to grow.

Sebastien Cano, SVP for Cloud Protection and Licensing activities at Thales, said: “The complexity of managing multi-cloud environments cannot be overstated. Additionally, the growing importance of data sovereignty raises more and more questions for CISOs and data protection officers when considering their cloud strategy, governance, and risk management. The challenge is not only to know where the sensitive data resides geographically, but also to know who has access to the sensitive data within the organization.

“There are different solutions such as encryption and key management. Last but not least, continuing to adopt a zero-trust strategy will be key to securing these complex environments, helping to ensure that organizations can support their data and manage future challenges.

Sharon D. Cole